Re: [PATCH V3 03/10] xfs: Check for extent overflow when deleting an extent

From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: Chandan Babu R <chandanrlinux@gmail.com>
Cc: linux-xfs@vger.kernel.org, david@fromorbit.com, hch@infradead.org
Subject: Re: [PATCH V3 03/10] xfs: Check for extent overflow when deleting an extent
Date: Mon, 31 Aug 2020 09:34:51 -0700	[thread overview]
Message-ID: <20200831163451.GL6096@magnolia> (raw)
In-Reply-To: <20200820054349.5525-4-chandanrlinux@gmail.com>

On Thu, Aug 20, 2020 at 11:13:42AM +0530, Chandan Babu R wrote:
> Deleting a file range from the middle of an existing extent can cause
> the per-inode extent count to increase by 1. This commit checks for
> extent count overflow in such cases.
> 
> Signed-off-by: Chandan Babu R <chandanrlinux@gmail.com>
> ---
>  fs/xfs/libxfs/xfs_inode_fork.h | 6 ++++++
>  fs/xfs/xfs_bmap_item.c         | 4 ++++
>  fs/xfs/xfs_bmap_util.c         | 5 +++++
>  3 files changed, 15 insertions(+)
> 
> diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h
> index 7fc2b129a2e7..2642e4847ee0 100644
> --- a/fs/xfs/libxfs/xfs_inode_fork.h
> +++ b/fs/xfs/libxfs/xfs_inode_fork.h
> @@ -39,6 +39,12 @@ struct xfs_ifork {
>   * extent to a fork and there's no possibility of splitting an existing mapping.
>   */
>  #define XFS_IEXT_ADD_NOSPLIT_CNT	(1)
> +/*
> + * Removing an extent from the middle of an existing extent can cause the extent
> + * count to increase by 1.
> + * i.e. | Old extent | Hole | Old extent |
> + */
> +#define XFS_IEXT_REMOVE_CNT		(1)

The first thought that popped into my head after reading the subject
line was "UH-oh, is this going to result in undeletable files when the
extent counts hit max and the user tries to rm?"

Then I realized that "when deleting an extent" actually refers to
punching holes in the middle of files, not truncating them.

So I think at the very least the subject line should be changed to
say that we're talking about hole punching, not general file deletion;
and the constant probably ought to be called XFS_IEXT_PUNCH_CNT to make
that clearer.

Aside from that the logic seems ok to me.

(Also PS I'm not reviewing these patches in order...)

--D

>  
>  /*
>   * Fork handling.
> diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c
> index ec3691372e7c..b9c35fb10de4 100644
> --- a/fs/xfs/xfs_bmap_item.c
> +++ b/fs/xfs/xfs_bmap_item.c
> @@ -519,6 +519,10 @@ xfs_bui_item_recover(
>  	}
>  	xfs_trans_ijoin(tp, ip, 0);
>  
> +	error = xfs_iext_count_may_overflow(ip, whichfork, XFS_IEXT_REMOVE_CNT);
> +	if (error)
> +		goto err_inode;
> +
>  	count = bmap->me_len;
>  	error = xfs_trans_log_finish_bmap_update(tp, budp, type, ip, whichfork,
>  			bmap->me_startoff, bmap->me_startblock, &count, state);
> diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c
> index 7b76a48b0885..59d4da38aadf 100644
> --- a/fs/xfs/xfs_bmap_util.c
> +++ b/fs/xfs/xfs_bmap_util.c
> @@ -891,6 +891,11 @@ xfs_unmap_extent(
>  
>  	xfs_trans_ijoin(tp, ip, 0);
>  
> +	error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK,
> +			XFS_IEXT_REMOVE_CNT);
> +	if (error)
> +		goto out_trans_cancel;
> +
>  	error = xfs_bunmapi(tp, ip, startoffset_fsb, len_fsb, 0, 2, done);
>  	if (error)
>  		goto out_trans_cancel;
> -- 
> 2.28.0
> 